From: Trond Myklebust Date: Sat, 3 Feb 2007 21:38:40 +0000 (-0800) Subject: RPC: Fix double free in portmapper code X-Git-Tag: v2.6.21-rc1~302 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=54cc533aaa0dc331ad126f0aacfb19572adee638;p=linux-2.6-omap-h63xx.git RPC: Fix double free in portmapper code rpc_run_task is guaranteed to always call ->rpc_release. Signed-off-by: Trond Myklebust --- diff --git a/net/sunrpc/pmap_clnt.c b/net/sunrpc/pmap_clnt.c index 3946ec3eb51..76e59e9b8fb 100644 --- a/net/sunrpc/pmap_clnt.c +++ b/net/sunrpc/pmap_clnt.c @@ -62,7 +62,10 @@ static inline void pmap_map_free(struct portmap_args *map) static void pmap_map_release(void *data) { - pmap_map_free(data); + struct portmap_args *map = data; + + xprt_put(map->pm_xprt); + pmap_map_free(map); } static const struct rpc_call_ops pmap_getport_ops = { @@ -133,7 +136,7 @@ void rpc_getport(struct rpc_task *task) status = -EIO; child = rpc_run_task(pmap_clnt, RPC_TASK_ASYNC, &pmap_getport_ops, map); if (IS_ERR(child)) - goto bailout; + goto bailout_nofree; rpc_put_task(child); task->tk_xprt->stat.bind_count++; @@ -222,7 +225,6 @@ static void pmap_getport_done(struct rpc_task *child, void *data) child->tk_pid, status, map->pm_port); pmap_wake_portmap_waiters(xprt, status); - xprt_put(xprt); } /**